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(54) Processing method and apparatus for converting information from a first format into a 
second format 



(57) A data processing method and apparatus are 
proposed for used in the encryption, decryption and 
authentication of messages. A memory for storing input 
information, a set of operations and a processor for exe- 
cuting the operations on the stored input information are 
provided. The input information is utilised to select the 
order and number of operations performed. The opera- 
tions are devised such that any possible input string will 
be interpreted as a valid program and the memory is 
extensible. Furthermore, data is output as a function of 
the input information. As a result the state of the mem- 
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ory generated during execution is indeterminate prior to 
execution and the process evolves differently for each 
possible input string. Accordingly, the process per- 
formed by the module cannot be described by an algo- 
rithm. The method and apparatus according to the 
invention have a number of different applications partic- 
ularly in the field of cryptography including a random 
number generator, a one way hash function generator 
or as a key generator for a cipher primitive in encryption 
and decryption. 
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Description 

1 . Field of invention 

moon The present invention is directed to the con- s 
Sn of Ration from a first format into a second 
format and specifically applies to a method and an 
£££ foruse in the encryption ^^the 
authentication of information and the generat.cn ^ 
pseudo-random numbers. 

2. Background art 



encrypt with the same key will undergo 

2e a 552** attempting to decrypt a message 
SSJd ST* powerful computer is limited only by he 
armea wnn a y DOSS ible permutations) and the 

increasing the complexity ot 7 » 
ally repenw/eiy art scheme 



used bv each user will be invariant, and the complexity 
of & *X will depend directly on the streng* and 
nuler of encryption and decryption codes uhM 
100051 in US-A-5 365 589 to Gutowrtz 
'encryption, decryption ^J^^^SS- 
that utilises dynamical systems, that is. sysxe 
orfeina a set of states, and a rule for mappmg each state 
to other states. The dj^JJ 
employed are cellular automata. A collection of cellular 
aSmata are used as secret 
telly a subset of this collection is selected ^ncryp- 
Son a^d the message to be encrypted .s 
°[ ■ irrpnt states The selected keys are applied over a 
red^S number of cycles and the resulting £ 
rent states constitute the ciphertext. While «^s*eme 
s based on cellular automata it may not be cons.de red 

number of keys or ^.^^ZZ^tZ 
tion. and whilst it is poss.ble to «W^Sfe*le Fur- 

the system. 



SUMMARY..OF INVENTION 



[0 0051 in the light of this prior art it is ar .object £ 

Son to pro^de an informer ^5KTS 

tion or authentication schemes to be suds 

increased. h inven tion 

rnoosi According to one aspect qt uw 

ing 

instruction tabie comprising a -^operations 
adapted to modify the sta te of *° ™^ perations 
nrocessing means adapted to select opei 
STE instruction table in -ponse^ eas 
nart of the input information and to execute me 

at least one of the set of °P era * on L be,nS *f 0 7* t 
Se Response to any possible confjgurat.cn of at 
least Dart of the input information, and 
SSJTt extracting output information from the 
memory. 
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[0009] According to another aspect of the invention 
there is provided a method for the conversion of infor- 
mation from a first format into a second format compris- 
ing: 

5 

establishing a set of operations for modifying the 
state of a memory, 

storing input information in a first format in the 
memory, 

selecting operations from the set in response to at 10 
least part of the input information and executing the 
operations on information stored in the memory, 
wherein the set of operations is devised such that 
an operation will be selected in response to any 
possible input information stream, and is 
extracting information from the memory in a second 
format after executing at least one operation. 

[0010] A characteristic of the method and appara- 
tus according to the present invention is that the proc- 20 
ess by which the input information is encoded depends 
entirely on this input information. Specifically, both the 
sequence and the number of operations executed is 
defined by the information to be encoded. The input 
information essentially serves as a program for its own 25 
encryption. Consequently, the process cannot be 
described in terms of an algorithm because by definition 
it must differ for each different input information stream. 
Even with knowledge of the structure of the arrange- 
ment or the steps of the method according to the inven- 30 
tion, the actual process executed will be indeterminate 
until information is actually supplied. This has the 
advantage that the process executed cannot be 
described or determined without knowledge of the input 
information. Furthermore since each freshly selected 35 
operation will be carried out on the accumulated results 
of previously input information stored in memory, even 
partial knowledge of the input will not facilitate recon- 
struction of the actual process executed because the 
output will be a function of all the input. 40 
[001 1 ] A further advantage is that inputting random 
information will necessarily generate a random output, 
since both the operations executed and the information 
on which the operations are performed will be random. 
[001 2] In a further aspect of the invention the afore- 45 
mentioned arrangement is included in a system for the 
encryption and decryption of message data comprising 
a cipher device, the cipher device being adapted to 
receive message data and at least one cipher key and 
to generate encrypted data corresponding to an encryp- so 
tion of the message data, wherein the output data 
extracted from the data processing arrangement is the 
cipher key. 

[0013] In a still further aspect of the invention the 
aforementioned method is utilised in a method for the ss 
encryption and decryption of message data including 
utilising the information extracted from the memory as a 
cipher key and encrypting the message data with a 



cipher function and the cipher key to generate 
encrypted information. 

[0014] By utilising the arrangement and the method 
according to the invention as a cipher key generator for 
a cipher primitive, the overall strength of the cipher prim- 
itive can be substantially increased. Not only will the 
generation of a key be a highly complex process but, in 
addition, several different keys can be generated and 
used for the encryption and decryption of a single mes- 
sage. This permits the security of any known cipher sys- 
tem be substantially improved and has the added 
benefit of eliminating the need for the communicating 
parties to have access to a large collection of shared 
keys. 

BRIEF DESCRIPTION OF THE DRAWINGS 

[0015] Further objects and advantages of the 
present invention will become apparent from the follow- 
ing description of the preferred embodiments that is 
given by way of example with reference to the accompa- 
nying drawings, in which: 

Fig. 1 shows a block diagram schematically depict- 
ing a module or arrangement embodying the 
present invention. 

Fig. 2 schematically depicts the arrangement of 
memory in an alternative embodiment of the 
module of Fig. 1, 

Fig. 3 schematically shows an application of the 
module of Figs. 1 or 2 in an encryption and 
decryption arrangement, 

Fig. 4 shows a block format to be input into an 
encryption and decryption apparatus accord- 
ing to the present invention, 

Fig. 5 . illustrates the format of input data accepted 
by the module of Figs. 1 or 2 in an encryption 
and decryption according to the present 
invention, 

Fig. 6 is a flow diagram showing the processing 
steps performed in an encryption and 
decryption apparatus according to the 
present invention, and 

Fig. 7 schematically illustrates encryption and 
decryption using the arrangement of Fig. 3. 

DETAILED DESCRIPTION OF THE DRAWINGS 

[0016] A machine or apparatus module embodying 
the present invention is shown in Fig. 1 by reference 
numeral 10. The module 10 comprises a processor 11, 
a program memory 12, an instruction memory or lookup 
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table 13, and a genera, purpose memory ^JSS 
erably should be accessible at least partially randomly 
Anlnput port 16 and output port 17 areprovtded for 
mserfno and extracting information, respectively and an 
SSES&r 15 is included between »e genera, pur- 
pose memory 14 and the output port 17 . 
moiTl The input information, which .n the preferred 
SmerTls inL form of a binary 
^Tprogram memory 12. This memory 12 preferably 
has a large capacity to enable as much as possible of 
^in^Sor^tion to be accessed as JJUji 
be explained below. The instructs table 13 holds a 
«j£m*ied set of instructions or operators 
?oSSesT^ese operators are addressed using sec- 
Sof the input information stored in memory 12 as 
addresses or indexes to the table 13. Hence the input 
£S essentially serves as a program according 
fwWch the processor 11 ^Z *ZZVt£ 
♦h« instruction table 13 on data in the memory 14. l ne 
nTrnS ^operators stored in the instruction table 13 >s 
cho^to co'rrespond to the size of the input information 
seSons sewing as program steps, so that every po&>- 
bfeWiutatior of input numbers accesses a valid ope - 
ator TSher words, any possible string of input 
numbers in this case, any possible input binary s m 
Z "TvS Program. In the exemplary embodiment, the 
lessor meads 10 bits of the stored input informa- 
SSme as a program step. This informal could 
la" an ^alue beSJen 0 and 1023. Hence to ensure 
KTany poSble input string will enable the processor 
11 to select a valid operation, the instructor -memory 
holds 1024 operators. The operators are preferably dri- 
est dependent of one 
different input strings will cause an identical sequence 

?OoTr t,0 Wni'st in the embodiment described with ref- 
erence to Fig. 1 the number system used for storing and 
mJnipu ating the information is binary, wh.ch advanta- 
3 permits the use of a digital processor, .t w.ll be 
9 ^?I-S that any number system may be used 
acS TtoTe needs of the implementation of the 
module 10 and the application requirements. 
m~ 9 ] An instruction pointer (IP) (shown in F,g^2) is 
Se ated with the program memory 12 and used by 
me SSelo 1 1 to select the address of operators con- 
SSfSS instruction table 13. The program: steps 
™nStuted by the input information may be selected .n 
a %£5L fashion from one end of the info rmafron to 
me Sner however the processor 1 1 is preferably capa- 
ble ol controlling the pointer IP to select a program step 
"cm any portion of the information ■^.^ 
imnii^ that the program memory 12 must have a 
SaXy Tafge enoug^to allow access to any section , of 
f^«P amount of input information. The instruction 

Inahla ttie order of the instructions, that is the 
^SessS of each instruction, to be changed The 
SruSons themselves are chosen to change the state 



of the memory 14 in some way. The instructions typi- 
cXndude, but are not limited to, fast operations such 
fs add subtract, table lookup and slow operations su* 
as inteoer multiply and iterations. However it is .mpor- 
s Jn^STreTr^Vuctions are limited to operate on areas 
S memory 14 containing data and that instructions that 
maTa^eS processing are excluded. The operations in 

ory 14 and thereby change the state of the module 10 

10 rao201 in the preferred embodiment, data is proc- 
Sm ul of ^2 bit. Accordingly, the genera. £ 
nose memory 14 holds 32-bit words, and is of a sze 
ESfciSTtly large to ensure adequate complexrty in the 
, 5 aeSon ofThe output data. It should be noted that to 
" Sieve maximum complexity for any fixed number of 
operations, full computabi.ity ^ould fa e provid^ 
requires that the memory be extensible, that is A shouW 
rSe a size that can be altered during processing to 
Z^rt the necessity of rounding-off. It should be noted 
20 XSZESSm cause to two different operations 
to produce the same result and accordingly limits the 
possible processing diversity of the module 10. 
null 'n F-g 1 a bidirectional connection ,s sche- 
S5 Sly shown between the program memory 12 and 
*e general purpose memory 14 to indicate that data 
mly be exchang'ed between the two. Specif ica Uy. when 
Cutting data, this information can be fed both to the 
nrooTm memory 12 and to the general purpose mem- 
nrv 14 hTS input data serves simultaneously as pro- 
30 g^m a^ operS. and me output data wiH contain 
Es of input data that has been transformed by the 
Program. Similarly, datafrom the general purpose , mam- 

35 used as program. It will be understood that the initial 
Sntnt o?the genera, purpose memory 14 depends on 
the particular application of the module 10. This will be 
discussed in more detail below. 
mo221 The output register 15 serves to buffer 
40 SS of output data extracted from the j«J-£ 
nose memory 14. The output register 15 is structures 
S3 of rows, in the preferred embodiment the 
S4r 15 contains 13 such 32-bit rows. The oufout 
2LT read from predetermined locations in i memory 
« For example, if the memory were .mplemented as a 
number 5 stacks (see discussion below) the output 
data could be taken from the top of the stacks. 
ro023? The extraction of output data could occur 
Scally. for example afterthe execution of a prede- 
50 SSS number of operators. ™ 

mented using a counter and stop flag * a * " n J* 
undated by the processor 1 1 . Tbe stop flag is preferably 
^pSic location in the genera, purpose memory 14 
HowSer. the extraction of output data should preferably 
ss be dependent on the input information in the same way 
asth?pmcessingofthisinformation. other words the 
TZ m Ze at wltich the stop flag will be set should be 
irSeteniinate prior to supplying the input information. 
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Specifically, the point in time at which extraction is ena- 
bled is determined by the occurrence of a number of 
selected operators or the contents of a particular loca- 
tion in memory, or a combination of the two. This is 
implemented in the module 10 by providing a stop flag 5 
that can be consulted by the processor 1 1 at intervals, 
for example after every operation. The stop flag is a 
reserved portion of memory 1 4. At least one of the oper- 
ators contained in the instruction table 13 updates the 
stop flag when it is executed. Such an update will not 70 
normally consist of setting the stop flag to "stop" but 
rather to assign "stop" only if some condition is met by 
some data. Each individual operation that updates the 
stop flag, are preferably devised to do this in different 
ways. t 75 

[0024] Preferably several of the operations will be 
adapted to update the stop flag. When the stop flag is 
set. data is output onto the output register 15 from at 
least one specific location in memory. The specific loca- 
tion or locations may be pre-defined or be dependent on 20 
the operators called. In addition, specific operations 
may be performed on the output data prior to its transfer 
to the output register 15. These additional output opera- 
tions are preferably selected from a plurality of possible 
operations selected according to the value of a prede- 25 
termined location in the general purpose memory 14. 
[0025] It will be understood that the updating of the 
stop flag need not be limited to the description given 
above. However, it is important that certain conditions 
are imposed on the generation of the stop flag to reduce 30 
the risk of data being extracted after undergoing only 
very few operations. 

[0026] It should further be noted that the calling of 
the stop flag need not arrest processing. While in a soft- 
ware implementation of the module 10, it is convenient 35 
to permit the processor to consult the stop flag after the 
execution of each operation, it will be understood that 
this could be done in parallel with the execution of oper- 
ations. It is further evident that if the output operation 
were implemented entirely in hardware, the triggering of 40 
output data extraction could be independent of the func- 
tions of the processor. 

[0027] The register 1 5 may output data in a block of 
equivalent size to that of the input blocks, of a larger 
size, or of a smaller size. 45 
[0028] The module 10 may also include a feedback 
connection between the output register 1 5 and the gen- 
eral purpose memory 12 so that output is also used as 
program to process the contents of memory 14. This 
provides added security and reduces the risk that some so 
of the data in the output register does not change from 
one extraction to another. Also the final output extracted 
by the output register 15 will then be a function of both 
the information input and information output. Depending 
on the application of the module 10, it may be advanta- ss 
geous to iterate this feedback operation for at least a 
predetermined number of times. 
[0029] Optionally there can be provided a direct 



input connection (not shown) to the general purpose 
memory 14, to enable the initial state of this memory to 
be set externally. It will, however, be understood that the 
general purpose memory 14 could be at least partially 
filled with initialising input data via the input port 16 and 
the program memory 12 under control of the processor 
11. 

[0030] While in Fig. 1 there are schematically 
depicted various individual elements and connections 
between individual elements of the module 10, it will be 
understood that the implementation of the individual 
functional elements and the exchange of data between 
these elements may be achieved in different ways. In 
particular, a single random access memory could be 
provided for storing the input data program, the operand 
data and possibly also the operators of the instruction 
set and their addresses. In order to obtain extensible 
memory, it is preferable to implement the memory 14 as 
at least one stack and possibly also at least one regis- 
ter, to enable data to be transferred from stack to regis- 
ter or vice versa. However, full computability, i.e. the 
capability to simulate any possible machine, will be ena- 
bled only when at least two stacks are provided. An 
equivalent level of computability would be provided with 
a bi-directional readable and wrrteable tape. 
[0031 ] In another wording, the definition of full com- 
putability in a data processing device may also be 
expressed as the device being capable of. given a suit- 
able program, simulating any computational process. 
Such a data processing device is most often referred to 
as a computational machine being capable of universal 
computation. 

[0032] Fig. 2 shows a preferred implementation of 
the memory elements of module 10 wherein the various 
interconnections are omitted. In. this figure, elements 
similar to those shown in Fig. 1 have like reference 
numerals. In common with Fig. 1 the arrangement 
according to Fig. 2 comprises a program memory 12. A 
program register 121, which in the preferred embodi- 
ment has a capacity for addressing a 10-bit word, is 
associated with the program memory 1 2 and serves to 
hold the current program step selected by the instruc- 
tion pointer IP. The instruction pointer is controlled by 
the processor 11 (Fig. 1). As mentioned above, the size 
of the program memory depends on the manner in 
which input data is used to select operators. Ideally the 
program memory 1 2 should be large enough to store an 
entire input message, so that the processor may select 
an instruction from any part of the message. In practice 
this may be problematic and costly, however, to enable 
a reasonable simulation of full computability it is pre- 
ferred that the program memory has a capacity for at 
least 100,000 bytes. The instruction table 13 is the 
same as in Fig. 1 and is adapted to hold 1024 instruc- 
tions that are accessed by means of the information in 
the program register 121 . The general purpose memory 
14 of Fig. 1 is replaced by three stacks 141, each 
adapted to hold 32-bit words, and at least one register 
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142. The implementation of the memory with stacks 
permits the memory to grow as the processing pro- 
ceeds and accordingly substantially enables full com- 
putability. The stacks 141 could be empty initially and 
filled progressively with input data as the input 5 
sequence is fed into the module. Alternatively and 
depending on the application, the stacks 141 could be 
initialised with a random number sequence or any pre- 
determined number sequence. The register 142 serves 
to extend the instruction set and specifically is used to w 
temporarily store data when the stacks are updated. 
With the memory implemented as shown in Fig. 2, the 
instructions contained in the instruction table 13 can 
include operations to transfer data between two stacks 
141, between a stack 141 and the register 142. opera- is 
tions on data contained in the stacks 141 and the regis- 
ter 142, and an operation that may alter the order of 
other operations. If more than one register 142 is pro- 
vided, valid operations could also include transfers 
between registers. 20 
[0033] In order to ensure a high complexity in the 
process, it is preferred that the number of available 
instructions is at least of the order of 500 and that the 
memory 14 is at least 100,000 bytes in length. If the 
memory is implemented in the form of stacks and regis- 25 
ters. it is preferred that registers with capacity of at least 
1 SObits and at least three memory stacks are available. 
One way of characterising embodiments of the inven- 
tion is by the requirement that the operations in the 
instruction table comprise such a large number of differ- 30 
ent operations that all combinations of said instructions 
can be simulated only by a data processing device hav- 
ing full computability. The least theoretical number of 
operations achieving this requirement is limited to a few 
suitably selected different operations. ^ 35 
[0034] The arrangement shown in Figs. 1 and 2 
represent the functional structure of the module 10 
according to the present invention. It will be appreciated 
that this function may be implemented in a number of 
different ways. A hardware implementation could 4C 
involve the use of a microprocessor with an associated 
non-volatile memory containing mapping between the 
selected program steps represented by the input data 
and the predetermined instructions, and random access 
memory (RAM) for storing the input program, the data 4t 
used as operands and the output data. The entire mod- 
ule 10 could also be implemented in software. This has 
the advantage that the size of the program steps and 
the number of available operations can be changed 
more easily and accordingly be adapted to any specific 5< 
application. A software implementation of the module 
would preferably be stored on a non-volatile memory, 
such as the hard disc of a computer, or even on a 
machine-readable storage medium such as a set of dis- 
kettes. CD ROM or tape for use with any data process- s 
ing machine. The program could also be made available 
through transmission over a telephone line, on the inter- 
net or via other communication means, by modulating a 



carrier signal with information representing the pro- 
gram. 

[0035] While it may be possible to implement the 
functions of the data processing module 1 0 on any gen- 
eral purpose computer, this would entail the incorpora- 
tion of a number of essential modifications. In particular, 
in the module and method according to the present 
invention all possible input data strings must be inter- 
preted as valid program and be capable of addressing a 
valid instruction. This is necessary to prevent unauthor- 
ised instructions from terminating execution of the pro- 
gram and limiting the complexity of the module's 
function. Most general purpose comuters also have a 
minimal set of operations where each operation perform 
an atomic operation only. The present invention could 
use an operation list of more complex kind, where each 
selected operation perform a series of state changes, 
as compared to a single state change for the well-known 
general purpose computer. Furthermore, the processor 
must be prevented from accessing extended virtual 
memory. Since any selected instruction must be valid, 
instructions such as JUMP and MOVE must be limited 
to areas of real memory if they are to be authorised. 
Finally, all instructions that arrest processing, such as a 
HALT instruction, or output data on a screen or printer 
must be excluded from the instructions set. In this 
respect it is important to note that the module 1 0 is not 
intended to output data in the conventional sense as 
part of its normal execution. It merely operates to 
update internal memory. In this respect, the output reg- 
ister 17 can be viewed as external to the processing of 
module 10 as such, since it extracts selected portions of 
the memory at intervals during operation without influ- 
encing the contents of the memory. 
[0036] The module 10 is a data processing device 
wherein the state generated during execution cannot be 
predicted prior to execution. The process evolves differ- 
ently for each possible input string. In other words, the 
process performed by the module cannot be described 
by an algorithm. This function has a number of useful 
applications, particularly in the field of cryptography. 
The operation of the module 10 for some of these appli- 
cations will be discussed below. 

Random number generator 

[0037] As mentioned above, the sequence of oper- 
ations performed by the module 10 depends on the 
input information. Hence inputting a random number 
sequence, commonly called a "seed", will be interpreted 
as a program of random operations and consequently 
generate a random output. 

[0038] Random number generators have many 
uses. An example is the generation of weekly lottery 
numbers. Another application would be in the area of 
Monte-Carlo simulations, or as a random number gen- 
erator for Genetic Algorithms or Simulated Anneling. An 
important further application is the generating of cipher 
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keys for the encryption and decryption of information. 
[0039] The initial input sequence should be 
obtained from a high quality random noise source, such 
as the SGI 00 hardware noise generator manufactured 
by Protego Information AB, Malmd, Sweden. 5 
[0040] Prior to operation, the general purpose 
memory 14 of the module 10 will be at least partially 
filled with a random sequence. This sequence may be 
the seed itself which would then be loaded simultane- 
ously into the program memory 1 2 and general purpose 1 o 
memory 14. Alternatively a separate random number 
may be used. This has the advantage that a larger initial 
sequence could be used to define the state of the gen- 
eral purpose memory 1 4 than is needed or desired as a 
seed. The seed would then be input into the program 15 
memory 12. For this application, the seed could be input 
in its entirety, and the instruction pointer moved step- 
wise through the sequence, selecting the corresponding 
instruction as it moves. As an instruction is selected, the 
data contained in the general purpose memory 14 will 20 
be updated in some way defined by the operation. A 
number of operations contained in the instruction table 
13 will also update the stop flag that is represented by a 
location in the memory 1 4. The value of the stop flag will 
be checked at intervals, possibly after the execution of 25 
each instruction, and when it is found to be set, data 
contained in specific locations in memory will be read 
out to the output register 15 as random output. 
[0041] The module 1 0 should preferably be capable 
of generating a large number of different keys from a 30 
single seed. This may be achieved simply by repeating 
the program defined by the seed. Preferably, however, 
the program will not be limited to the steps defined in the 
seed but will also use other data as program. For exam- 
ple the contents of the general purpose memory 14 35 
might be used. This may be implemented by automati- 
cally loading the program memory 12 from a specific 
location in the general purpose memory 14 once the 
instruction pointer IP has stepped through seed, or 
when the program memory is empty. As a further possi- 40 
bility, any data extracted as a random output could also 
be fed back into the program memory 12. However, to 
reduce the likelihood of some of the output data being 
unchanged between extractions, the whole process 
should be repeated at least once with the last generated 45 
key serving as input data before the random number 
output is actually produced. In this way, the amount of 
random output that can be generated will be limited only 
by the run time of the module 10. 

so 

One Way Hash Function 

[0042] It will be apparent from the nature of the 
module 10 that its function is not reversible. In other 
words, the module will not generate input information 55 
from the corresponding output data. As discussed 
above, the output string length can be fixed while the 
input string length may be variable. The module 10 can 



thus be used as a one way hash function. Other names 
for this function include compression function, contrac- 
tion function, message digest, fingerprint, cryptographic 
checksum, message integrity check (MIT) and manipu- 
lation detection code (MDC). 

[0043] For this application a feedback connection 
between the output register 15 and the program mem- 
ory 12 may not be necessary. In its simplest form, a one 
way hash function could be implemented by initially 
loading the general purpose memory 14 with a prede- 
termined bit stream, for example alternate Vs and Os. 
The message to be fingerprinted is then input into the 
program memory 12 and the processor executes all the 
operations until the message is terminated and then 
stop. The data contained in the output register would 
then be the checksum, or fingerprint, of the message. 
[0044] In a further embodiment, the stop flag of the 
processor could be disabled and the processor be 
adapted to enable the output register 15 to extract infor- 
mation from one or more specific locations in the mem- 
ory 14 only when the execution of the program is 
terminated. In this application, the size of the output 
register could be selected to provide a condensed fin- 
gerprint or checksum of the message. 
[0045] If the verification of a message hash function 
is to be kept secret, a secret key can be used when 
computing the hash function. This is also known as 
Message Authentication Code (MAC). This assumes 
that the parties wishing to demonstrate and to verify the 
authenticity of a document share a secret key, or collec- 
tion of secret keys, and some convention for selecting 
which key is to be used. In this case, the secret key 
could be used as the initial value of at least part of the 
general purpose memory 1 4, as a header to the mes- 
sage information, or employed to change the order of 
the operations in the instruction memory 13, i.e. their 
addresses, or a combination of any of these. Only a per- 
son in possession of the key used to generate the hash 
function can verify whether the message is authentic or 
not. 

Encr yption/D ecryption 

[0046] As already discussed above, the module 10 
can be used as a key generator for a cipher system 
when fed with a random number sequence. In a pre- 
ferred embodiment the module 10 is combined with a 
cipher primitive to generate a highly secure cipher func- 
tion. The encryption and decryption arrangement is 
shown in Fig. 3. 

[0047] In this embodiment, the module 10 is 
arranged in parallel with a further element 20 represent- 
ing a cipher system. The cipher system 20 may be a 
simple cipher primitive such as substitution, or could 
embody any known block or stream cipher function. 
However it is preferable that the cipher system 20 uti- 
lises an algorithm with a tried and trusted level of secu- 
rity. If the apparatus according to the invention is to be 
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used as a random number generator, a stream cipher 
could be selected; and the encrypting sequence result- 
ing from the stream cipher could be used as a random 
source. 

[0043] As for any encryption and decryption 5 
scheme, a secret key shared between the person 
encrypting the information and the person authorised to 
decrypt the information must be utilised. 
[0049] In the preferred embodiment described 
below, the cipher system 20 is a block cipher function 10 
adapted to use two keys to generate ciphertext. One 
key is a secret key EKEY shared between the parties; 
the other key I KEY is generated by the module 10. In 
the arrangement depicted in Fig. 3, the input message 
or plaintext is fed simultaneously into the cipher system 15 
20 and the module 10. The module 10 generates an 
internal key, IKEY, and supplies this to the cipher sys- 
tem 20. The secret external key EKEY that is shared by 
the two communicating parties, or by parties authorised 
to access the encrypted information, is also input into 20 
the encryption and decryption arrangement and is used 
by the module 1 0 to generate the internal key IKEY. The 
cipher system 20 uses this internal key IKEY and also 
the external key EKEY to generate ciphertext. The 
ciphertext is output by the cipher system 20 on the right- 25 
hand side of the figure. The output ciphertext is also fed 
back from the output of the cipher system 20 to the 
module 10, and is utilised as program data to generate 
subsequent keys. In this way, the internal keys IKEY will 
be generated as functions of both the plaintext and the 30 
ciphertext. 

[0050] A further feedback connection is provided 
between the output and the input into both the module 
10 and the cipher system 20 to allow a message to be 
encrypted several times prior to storage or transmis- 35 
sion. 

[0051] Before being input into the module 10 and 
the cipher system 20, the message plaintext is prefera- 
bly compressed using a compression function 21 . Any 
known reliable compression function can be utilised. 40 
The compression serves to eliminate, or at least reduce, 
any periodic pattern in the message text sequence. This 
is advantageous particularly when several messages at 
least partially share the same format, such as a header 
having addresses, identification and checksum or the 45 
like, or carry a limited range of information, such as may . 
occur for electronic money orders for instance. As a fur- 
ther precaution to ensure that no two plaintext mes- 
sages will be the same, a random number is also added 
to the message text using a combiner 22. It will be 50 
understood that while in Fig. 3 the combiner 22 is shown 
as a separate element, this arrangement should be 
understood to indicate that the addition of random noise 
occurs prior to the functions performed in the module 1 0 
and the cipher system 20. In a hardware implementa- 55 
tion of the encryption and decryption arrangement, the 
combining function could be performed in either the 
module 10 or the cipher system 20, or even in both. As 



discussed above, a random number should be obtained 
from a high quality noise source. The combiner 22 pref- 
erably interleaves random numbers with the message 
text as will be described below. 

[0052] Information is both read into the encryption 
and decryption apparatus and processed in words of 32 
bits. Before information can be fed to the apparatus it is 
formatted into blocks. These have the . generalised 
structure shown in Fig. 4. Since the formatting into 
blocks is performed prior to feeding the information into 
the module 10 and cipher system 20, this function is 
preferably performed in combiner 22. 
[0053] As shown in Fig. 4, the block comprises a 
number of plaintext portions 120 interleaved with ran- 
dom noise 110. Specifically, the plaintext (DATA), prefer- 
ably previously compressed, is divided into portions 1 20 
containing a maximum of 8192 bytes. If less than 8192 
bytes of information are present, a smaller plaintext por- 
tion 120 is formed. The same is true if less than 8192 
bytes remain after the total (compressed) plaintext is 
divided into portions. However, as the encryption and 
decryption arrangement of Fig. 3 processes information 
in 32-bit words, all plaintext portions 120 must be divisi- 
ble by 4 bytes. This is achieved by adding a sequence of 
0 to 3 bytes of random noise to any short plaintext por- 
tion 120. 

[0054] A header 110 comprising 256 bytes of ran- 
dom noise (N) is inserted at the front of each section. 
The relative sizes of the data 120 and noise 110 por- 
tions have been selected to ensure that the message to 
be encrypted contains at least about 3% of random 
noise. It will be apparent to those skilled in the art that 
this proportion may be changed for certain applications 
depending on the level of security that is desired. 
[0055] Further information, denoted by x, may be 
provided at the end of the block. This preferably 
includes a checksum for the block and may also com- 
prise further random noise. 

[0056] In the present embodiment, the number n of 
plaintext sections 120 per block is limited to 64. Accord- 
ingly a block can contain any value between a maximum 
of 512 Kbytes (i.e. 524,288 bytes) and a minimum of 1 
byte of plaintext. 

[0057] In the present embodiment, the external key 
EKEY comprises a data sequence that is a multiple of 
768 bytes. The number of multiples of 768 bytes deter- 
mines the number of iterations performed during 
encryption and decryption as will be described below. 
During each iteration, a new sequence of 768 bytes 
from the external key is fed into the apparatus as a 
header to the input data. The information format fed into 
the encryption apparatus (module 10 in Fig. 1) is shown 
in Fig. 5. 

[0058] An initialisation vector (IV) comprising 772 
bytes of random noise is also fed into the apparatus and 
is used during set-up for initialising the state of the mod- 
ule 10. It should be noted that whilst the external key 
EKEY may be the same for several different messages. 
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the initialisation vector IV will be different. 
[0059] An embodiment of the inventive encryption 
function is described with reference to Fig. 6. In this pro- 
cedure and all following procedures it is assumed that 
the memory of module 10 has the structure and func- 
tions depicted in Fig. 2. 

[0060] The input block of the form shown in Fig. 4 is 
typically held in a file prior to processing. This block is 
presented to the cipher system 20 and the module 10 
with the external key EKEY in step 501. The first time 
the process is executed, the memory 14 of the module 
10 must be filled with certain initial values. This is per- 
formed in steps 502 to 504. Firstly, part of the external 
key EKEY is transferred to the stacks 142 (step 502). A 
number of transfer operations between the stacks to fur- 
ther complicate the procedure may be carried out in 
step 503. Finally the addresses of the instruction table 
13 are at least partially randomised using the external 
key EKEY and the initialisation vector IV which has 
been previously fed into the apparatus in step 501 . 
[0061] The generation of the first internal key I KEY 
begins in step 505 when the value of an output opera- 
tion register referred to as op-reg in Fig. 6 is computed. 
This register actually refers to a particular memory loca- 
tion in the general purpose memory 14. The computa- 
tion of its value may take the form of adding some 
information to the previous value of the location. The 
newly computed value is used to access or address one 
of a pre-defined number of output operations (step 506). 
The output operations variously select the values of 
specific memory locations in the general purpose mem- 
ory 14, perform some operation on these values and 
update the result in the output register 15 as the internal 
key IKEY. In step 507 the selected output operation is 
executed and the internal key IKEY generated. Encryp- 
tion of the firsts 32 bits of plaintext is then performed by 
the block cipher 20 using the internal key IKEY and the 
first 32 bits of ciphertext is generated. It should be noted 
that this first 32^ unit of ciphertext is generated using 
only information contained in the external key EKEY 
and the initialisation vector IV; this allows an identical 
key to be generated for decryption when the block 
cipher function 20 is reversed. In step 509 the top of the 
stacks are updated using the 32 bits of ciphertext and 
the first 32 bits of plaintext, which in this case is the 
input data constituted by the compressed plaintext and 
random noise headers. Since the input data comprises 
256 bytes of random noise before the compressed mes- 
sage plaintext, the first sixtyfour blocks of 32 bits of input 
data will be comprised entirely of random noise. 
[0062] In this process, the ciphertext generated by 
the cipher system 20 is used as program data. Prior to 
its input into the program memory 12. a header consist- 
ing of the 768-byte external key EKEY sequence is 
added to the ciphertext block and inserted as program 
into the memory 12. The program data used by the 
module thus has the general format shown in Fig. 5. In 
step 510 the instruction pointer IP is set pointing to the 



left half of the ciphertext output of step 509, and in step 
51 1 the output operation register op-reg is updated with 
the 16 bits from the memory location pointed to by the 
instruction pointer IP. The instruction pointer IP is then 

5 moved 34 bytes back towards the beginning, i.e. back- 
wards in time, of the input block. In step 512, the value 
of the output operation register op-reg is then used to 
select one of the 1024 operations from the instruction 
table 13. The op-reg actually contains 32 bits, but only 

70 10 bits are used to call an operation. The stop flag is 
then checked in step 513 and if it is not set, the process 
returns to step 51 1 to update the output operation regis- 
ter and move the instruction pointer back a further 34 
bytes towards the beginning of the input (ciphertext) 

75 block. The next operation of the instruction table 13 to 
be executed will then be selected based upon the con- 
tents of the operations register. This process continues 
until the stop flag is set. A mechanism is also provided 
to prevent the IP to access an location outside the input 

20 string. In one embodiment this is realised by setting the 
stop flag also on this condition thereby breaking the 
loop. 

[0063] As mentioned above with reference to the 
module 10, a pre-defined number of operations in the 

25 instruction table 13 are adapted to update the stop flag. 
Once the stop flag is set, the pointers to the plaintext 
and ciphertext are moved one step, that is, into the next 
32 bits of plaintext and ciphertext (step 514). This step 
corresponds to the next 32-bits of plaintext and cipher- 

30 text being loaded into the general purpose memory 14 
and program memory 12, respectively. If the entire 
plaintext input block has not been encrypted (step 51 5), 
the process returns to step 505 to generate the next 
internal key IKEY for encrypting the next 32-bit cipher- 

35 text sequence. Otherwise, the process continues to step 
516 for checking whether there is a new 768-byte key 
sequence EKEYj +1 . If so, the process continues at step 
501 with the next EKEY i+1 , and otherwise, the process 
continues to step 517 to output the plaintext/ciphertext 

40 block. 

[0064] As mentioned above, the block cipher 20 
may comprise any conventional cipher primitive that 
uses substitution tables and various operations at least 
partially defined by the two keys EKEY and IKEY. Unlike 

45 the function of the module 10. which can only be per- 
formed in one direction, the block cipher function is 
reversible, provided the appropriate reverse mapping 
tables are used and the identical key provided. Accord- 
ingly, the decryption of ciphertext using the arrange- 

so ment of Fig. 3 can also be performed using the 
procedure illustrated in Fig. 6. 

[0065] It should be noted that the list of secret exter- 
nal keys EKEY 1f EKEY 2 , etc.. will be known to persons 
authorised to decrypt the information. 
55 [0066] The initialisation vector IV is likewise known, 
and may even be published. Since the actual operations 
performed on the memory contents are dependent on 
the input sequence, and this input sequence by defini- 
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tion will contain some unknown element, a cryptanaJyst 
will have no way of deducing the encryption function 
from the initialisation vector only. 
[0067] In fact decipherment of an encrypted mes- 
sage requires that the IV vector be known prior to deci- 
pherment The IV is normally sent "in clear" together 
with the cryptogram. It should be noted that, as the IV 
as well as the EKEY enters the invention both as pro- 
gram specification and also as input data, to the module 
10. that all forthcoming operations and data, internal to 
the memory 14 as well as present in the output 17, will 
depend on these inputs. 

[0068] If the IV is selected truly randomly prior to 
encrypting the plain text, no two encrypted messages 
will share the same IV. If each iteration, according to 
Fig. 6, is executed with an independent external key 
EKEY; it is clear that the combination of an EKEYj and 
an IV will occur only once. The IV is the same for al! iter- 
ations where the EKEYs will be different and the IV will 
change to next message where the EKEYs will be the 
same. 

[0069] Both the external key EKEY and the initiali- 
sation vector IV are identical for encryption and decryp- 
tion. Hence the execution of steps 501 to 507 for each 
iteration with a new 768-bit EKEY sequence will give the 
same result. For decryption it should be assumed that 
the block decryption performed in step 508 will be the 
inverse of the encryption function and will result in the 
generation of 32 bits of plaintext from the first 32 bits of 
ciphertext The remaining steps 510 to 513 are exe- 
cuted as for encryption. It should be noted that the order 
of the external keys EKEY used will be reversed for 
decryption. 

[0070] A schematic of the encryption and decryp- 
tion for a single iteration using a cipher function and a 
key IKEY generated by the module 10 is given in Fig. 7. 
Here it is apparent that a first internal key IKEY 0 used to 
generate the first 32-bit unit of ciphertext from the first 
32-bit unit of plaintext is a function of the external key 
EKEY and the initialisation vector IV. The module 10 
uses this first unit of ciphertext and the first unit of plain- 
text in addition to the external key EKEY and the initiali- 
sation vector IV to generate the second key IKEYt 
which is used in the cipher system 20 to generate a sec- 
ond unit of ciphertext from the second unit of plaintext. 
This process continues until all the plaintext has been 
processed. The final key IKEY n+1 used to encrypt or 
decrypt the final units of plaintext and ciphertext will be 
a function of all the previous (0 to n) units of plaintext 
and ciphertext. 

[0071] It is apparent from the schematic of Fig. 7 
that the complexity of encryption increases for each 
unit, because the information content of the internal key 
IKEY becomes a function of all previously input plaintext 
and generated ciphertext. However, while the encryp- 
tion of the first unit may be relatively weak owing to the 
relative simplicity of the key IKEY, this can be mitigated 
by iterating the encryption of the whole message using 



several different keys EKEY 

[0072] Furthermore, by reversing the order of the 
units for each iteration, the nominal strength of encryp- 
tion of each unit will be equivalent as each unit of 

5 ciphertext will be generated using keys IKEY that in total 
comprise information from the whole plaintext/cipher- 
text block. This implies that in Fig. 6, box 514, the point- 
ers of ciphertext/plaintext blocks could move in either 
direction. In 511 the move of the IP pointer will always 

10 be backwards. 

[0073] Once the full input information has been 
recovered, the correct decryption can be checked using 
the checksum tagged on the end of the input block. The 
256 bytes of random noise header is then separated 

is from the message information and the message infor- 
mation decompressed if it had been initially com- 
pressed. 

[0074] Since the pointer to the plaintext/ciphertext 
block is incremented or decremented in the plaintext or 

20 cipher text in units of 32 bits, the first 64 operations on 
plaintext will actually be performed on the random noise 
N header (see Fig. 4). This ensures that the initial con- 
tents of the general purpose memory 14 comprising the 
stacks 142 and registers 141 will be filled with random 

25 information before the first 32-bit word of plain- 
text/ciphertext is loaded into program memory 12. 
[0075] Due to the observed structure of most input 
strings the present embodiment of the invention actually 
process the input plaintext block (Fig. 4) in the f ight-to- 

30 left direction during the first iteration of the process 
according to Fig. 6., as this would be a security advan- 
tage for these inputs, and be of no significance to all 
other possible input strings. 

[0076] Whilst random noise is simply placed at the 

35 head of each data sequence as shown in Fig. 4, in a fur- 
ther embodiment of the invention this random noise is 
utilised to randomise the plaintext using a system based 
on iterating the states of cellular automata. 
[0077] In a further embodiment of the invention, the 

40 block cipher 20 incorporates substitution tables which 
are initialised using the initialisation vector IV and exter- 
nal key EKEY. In a still further embodiment of the inven- 
tion the above mentioned substitution tables are 
continuously updated to make the mapping from the 

45 input to the output varying. This is accomplished by 
swapping the addressed line of the decryption (incl. 
encryption) substitution table with another line 
addressed by a special field of the IKEY data. Since the 
mapping defined by a substitution table used in encryp- 

50 tion must be inverted for decryption, any amendment of 
this mapping at set-up must be followed by the inversion 
of the table. In the preferred embodiment, a substitution 
table for decryption is generated during set-up. and then 
has to be inverted to obtain the substitution table for 

55 encryption. Upon decryption of the ciphertext. only the 
decryption substitution table need be created. This 
means that processing cost is reduced in decryption 
compared to encryption. 
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[0078] It is preferred that in addition to at least one 
substitution table, the block cipher 20 includes a plural- 
ity of parallel operations, wherein the operations exe- 
cuted for any particular block is determined by the 
internal key IKEY generated by the module 10. This 5 
may be viewed as an arrangement of parallel paths, 
each path being associated with a specific operation. 
The internal key IKEY acts as a router, sending the 
plaintext or partially encrypted block down one of the 
paths. The operations may include, but are not limited 10 
to, mapping functions, the rotation of the block and addi- 
tion operations. One path may include no operation at 
all. This allows the function to be performed rapidly with- 
out compromising security, since the probability that a 
block undergoes a specific operation depends on the 75 
number of possible paths. 

[0079] It will be understood that the dimensions 
used for the various elements of data, for example the 
external key EKEY, the initialisation vector IV, and the 
units in which the plaintext and ciphertext are manipu- 20 
lated in the module 10 and the cipher system 20 are 
given by way of example only. It will be apparent to 
those skilled in the art that these values may be modi- 
fied to increase the security of the cipher function or 
reduce the processing time for any specific operation. 25 
Furthermore, modifications may be made to the content 
of the module 1 0 for the same purpose. 
[0080] As for the size of the external (secret) input 
key EKEY note that, at least in the present exemplifying 
embodiment of the invention, the key could be viewed 30 
as a compressed input software module, possibly writ- 
ten in the module- 13-language. Its recommended size 
should therefore preferably be in the order of several 
hundred bytes. This argument applies to the other 
inputs as well, such as the size of the input plaintext 35 
block and the size of the random Initialisation Vector IV. 
Note that this is implicitly included in the preferred struc- 
ture of the input (Fig 4). This will be an issue mostly 
when using the invention in security related environ- 
ments, and it should be noted that in random number 40 
applications (by example only) of the present invention, 
this note may be of no relevance. 
[0081] Also implicitly included in the present 
embodiment of the invention is that the internal informa- 
tion paths are intentionally of different sizes in different 45 
places. Referring to Fig. 3 the flow of information IKEY 
from module 10 to module 20 is much higher than the 
flow of information through module 20. Each 32 bits of 
plaintext, to be encrypted by module 20, corresponds to 
one instance of IKEY, which, in the preferred embodi- so 
ment, has the size 8 times 32 bits (or 13 times 32 bits 
from module 14 to module 15 in Fig. 1): 
[0082] This implies that each 32 bits of output from 
module 20 could, depending on IKEY, correspond to 
any 32 bit input plaintext, and that for each 32 bit output. 55 
from module 20, or possible each combination of 32 bit 
input and 32 bit output from mudule 20, could corre- 
spond to a large subset of all possible internal keys 



IKEY. 

[0083] The man skilled in the field of the present 
invention will clearly see the benefit of this construction, 
but note that in other application areas of the present 
invention, such as random number generation, this may 
not be necessary to achieve. 

[0084] An important characteristic of the arrange- 
ment and method according to the present invention is 
that providing an increased number of operations in the 
instruction table 13 will substantially improve the secu- 
rity of a system, or the quality of generated random 
numbers, by increasing the possible operations that 
may be performed. However, although such a modifica- 
tion will involve a higher initial hardware or software out- 
lay, the delay in encryption or decryption will not be 
increased, rf it is assumed that all instructions can be 
executed in approximately the same length of time. 
Accordingly, the security of a system may be increasing 
without an associated time penalty. 

Claims 

1 . An information processing arrangement for convert- 
ing message information from a first format into a 
second format, comprising 

a memory (14) for storing data. 

means (16, 11, 12) for updating said memory 

with input information, 

an instruction table (13) comprising a set of 
operations adapted to modify the state of said 
memory (14), 

processing means (1 1) adapted to select oper- 
ations from said instruction table (13) in 
response to at least part of said input informa- 
tion, and to execute said selected operations 
on the contents of said memory (14), 
at least one of said set of operations being 
selectable in response to any possible configu- 
ration of at least part of said input information, 
and means (15) for extracting output informa- 
tion from said memory (14). 

2. An arrangement as claimed in claim 1 , wherein said 
processing means (11) are adapted to respond to 
predetermined sized portions of said input informa- 
tion, said instruction table (13) comprising a 
number of operations that is at least equal to the 
total number of permutations of one of said por- 
tions. 

3. An arrangement as claimed in claim 1 or 2. wherein 
said memory (14) is extensible. 

4. An arrangement as claimed in any one of claims 1 
to 3, wherein said memory is a random access 
memory. 
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5. An arrangement as claimed in any one of claims 1 
to 4, wherein said extraction means (11, 15) are 
adapted to extract output data in response the 
value of a stop flag, wherein at least one operation 
in said instruction table (13) is configured to update 
the value of said stop flag. 

6. An arrangement as claimed in any one of claims 1 
to 5, wherein said memory (14) is configured to 
comprise at least one stack (142). 

7. An arrangement as claimed in any one of claims 1 
to 6, wherein said memory (14) comprises at least 
one register (141). 

8. An arrangement as claimed in any one of claims 1 
to 7, wherein the operations in said instruction table 
(13) are devised to cause said processing means 
(11) to update portions of said memory containing 
input information or a result of operations on said 
input information only. 

9. An arrangement as claimed in any one of claims 1 
to 8, wherein the operations in said instruction table 
(11) are different from one another and/or wherein 
the operations in said instruction table (11) com- 
prise such a large number of different operations 
that all combinations of said instructions can be 
simulated only by a data processing device having 
full computability. 

10- A system for the encryption and decryption of mes- 
sage data comprising a data processing arrange- 
ment (10) as claimed in any one of claims 1 to 9, 
and a cipher device (20). said cipher device being 
adapted to receive message data and at least one 
cipher key (I KEY) and generate encrypted data cor- 
responding to an encryption of said message data, 
wherein an output of said data processing arrange- 
ment (10) is connected to said cipher device (20) to 
output data extracted from said data processing 
arrangement (10) as said cipher key (IKEY). 

11. A system as claimed in claim 10, including noise 
generating means for incorporating random noise 
with said message data. 

12. A system as claimed in claim 10 or 11, including 
data compression means for compressing said 
message data. 

13. A system as claimed in any one of claims 10 to 12, 
comprising means (11, 12) for inputting said mes- 
sage data as input information into said data 
processing arrangement (10), and means for 
updating said memory (14) on the basis of said 
message data. 



14. A system as claimed in claim 13. wherein said 
processing means (1 1) are adapted to select oper- 
ations from said instruction table ( 1 3) in response to 
at least part of said message data. 

5 

15. A system as claimed in any one of claims 10 to 14. 
comprising means (11, 12) for inputting said 
encrypted data into said data processing arrange- 
ment (10). and means for updating said memory 

io (1 4) on the basis of said encrypted data. 

16. A system as claimed in claim 15, wherein said 
processing means (1 1) are adapted to select oper- 
ations from said instruction table (1 3) in response to 

15 at least part of said encrypted data. 

17. A system as claimed in any one of claims 10 to 16, 
wherein said cipher device (20) is adapted to per- 
form a block cipher function. 

20 

18. A system as claimed in any one of claims 10 to 16, 
wherein said cipher device (20) is adapted to per- 
form a stream cipher function. 

25 19. A system as claimed in any one of claims 10 to 18. 
including means (11.12. 14) for inputting a second 
cipher key (EKEY), and means (11) for updating 
said memory (14) on the basis of said second 
cipher key (EKEY). 

30 

20. A system as claimed in claim 19, including means 
for combining said second cipher key with said 
input information. 

35 21. A system as claimed in claim 20, including means 
for configuring said cipher device on the basis of 
said second cipher key (EKEY). 

22. A system as claimed in claim 10 to 21, including 
40 means (11, 14) for inputting a random noise 
sequence (IV), and means (11) for updating said 
memory (14) on the basis of said random noise 
sequence. 

45 23. A method for the conversion of information from a 
first format into a second format comprising 

establishing a set of operations for modifying 
the state of a memory, 
so storing input information in a first format in said 

memory, 

selecting operations from said set in response 
to at least part of said input information and 
executing said operations on information 
55 stored in said memory, wherein said set of 

operations is devised such that an operation 
can be selected in response to any possible 
input information stream, and extracting infor- 
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mation from said memory in a second format 
after executing at least one operation. 

24. A method as claimed in claim 23 including selecting 
operations on the basis of a portion of said input 
information, said portion having a number of possi- 
ble values that is no greater than the number of 
established operations. 

25. A method as claimed in claim 23 or 24 including 
defining a value of an entity to indicate when infor- 
mation can be extracted, at least one of said opera- 
tions being adapted to update the value of said 
entity on execution. 

26. A method as claimed in any one of claims 23 to 25, 
wherein said operations include substitution, addi- 
tion, subtraction and rotation operations, and/or an 
operation devised to alter the order of the other 
operations. 

27. A method as claimed in any one of claims 23 to 26, 
wherein said operations are each different from one 
another and/or wherein the operations in said 
instruction table (11) comprise such a large number 
of different operations that al! combinations of said 
instructions can be simulated only by a data 
processing device having full computability. 

28. A method for the encryption and decryption of mes- 
sage data comprising the method as claimed in any 
one of claims 23 to 27, including utilising said infor- 
mation extracted from said memory as a cipher key 
and encrypting said message data with a cipher 
function and said cipher key to generate encrypted 
information. 

29. A method as claimed in claim 28, including utilising 
said message data as at least part of said input 
information. 

30. A method as claimed in claim 28 or 29, including 
incorporating random noise with said message data 
prior to encryption. 

31. A method as claimed in any one of claims 28 to 30. 
including compressing said message data prior to 
encryption. 

32. A method as claimed in any one of claims 28 to 31 . 
including utilising said encrypted information as at 
least part of said input information. 

33. A method as claimed in any one of claims 28 to 32, 
including utilising a second cipher key (EKEY) to 
modify the contents of at least one of said instruc- 
tion set and said memory. 



34. A method as claimed in any one of claims 28 to 33, 
including utilising a second cipher key (EKEY) as 
input information. 

5 35. A method as claimed in claim 34, including iterating 
the encryption of message data a predetermined 
number of times. 

36. A method as claimed in claim 35, wherein a differ- 
10 ent second cipher key (EKEY) is utilised for each 

iteration. 

37. A method as claimed in claim 35 or 36, wherein the 
number of iterations is determined by said second 

is cipher key (EKEY). 

38. A method as claimed in any one of claims 28 to 37 
including utilising a random noise sequence (IV) to 
modify the contents of at least one of said instruc- 

20 tion set and/or said memory. 

39. A method as claimed in any one of claims 28 to 38, 
wherein said cipher function is a block cipher func- 
tion. 

25 

40. A method as claimed in claims 39, including utilis- 
ing said second cipher key (EKEY) to initialise said 
block function. 

30 41 . A method as claimed in any one of claims 28 to 38, 
wherein said cipher function is a stream cipher 
function. 

42. An arrangement for the encryption and decryption 
35 of information including a cipher system (20), 

message data inputting means (21, 22) com- 
municating with said cipher system, 
said cipher system being adapted to output 
40 cipher text in response to said message data 

and a cipher key, 

wherein means (10) for generating said cipher 
key are adapted to receive said message data, 
generate a cipher key as a function of said 
45 message data and output said cipher key to 

sajd cipher system. 

43. An arrangement as claimed in claim 42, wherein 
said cipher generating means communicates with 

so the output of said cipher system to receive said 
cipher text and is adapted to generate said cipher 
key as a function of said cipher text. 



44. An arrangement as claimed in any one of claims 42 
55 or 43. wherein said message data inputting means 
comprise random noise generating means con- 
nected to the input of said cipher system for com- 
bining noise data with said message data. 
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45. An arrangement as claimed in any one of claims 42 
to 44, characterised in that said cipher system is 
adapted to receive a second cipher key and to gen- 
erate said cipher text as a function of said second 
cipher key 

46. An arrangement as claimed in claim 45, wherein 
said key generating means is adapted to receive 
said second cipher key and to generate said cipher 
key as a function of said second cipher key. 

47. An arrangement as claimed in any one of claims 42 
to 46, wherein data compression means are asso- 
ciated with said message data input means for 
compressing said message data prior to its combi- 
nation with said random noise data. 

48. An arrangement as claimed in any one of claims 42 
to 47, characterised in 



5 



10 



15 



20 



that said key generating means comprise 
memory means, 

means for inputting said message data into 
said memory means, 

an instruction lookup table containing a set of 25 
predetermined operations, 
processing means adapted to select opera- 
tions from said lookup table in response to the 
content of said memory means and to execute 
said operations on the content of said memory 30 
means in accordance with said instructions, 
wherein said processing means are adapted to 
select a valid operation for all possible data 
contained in said memory means, 
and means for extracting data from said mem- 35 
ory means, and/or possibly wherein the opera- 
tions in said instruction table (11) comprise 
such a large number of different operations that 
ail combinations of said instructions can be 
simulated only by a data processing device 
having full computability. 

49. A machine readable electronic data recording 
device for use in a digital data processing machine, 
said data recording means being encoded with data 
representing a method for encrypting and decrypt- 
ing information as claimed in any one of claims 23 
to 41. 

50. A carrier signal modulated by signals representing so 
a computer program adapted to control a digital 
data processing machine to perform a method as 
claimed in any one of claims 23 to 41. 

55 
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